Security Advisory Moderate: NetworkManager security update

Advisory: RHSA-2009:0362-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-03-25
Last updated on: 2009-03-25
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.7.z)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.7.z)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20090362.xml
CVEs (cve.mitre.org): CVE-2009-0365

Details

Updated NetworkManager packages that fix a security issue are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

NetworkManager is a network link manager that attempts to keep a wired or
wireless network connection active at all times.

An information disclosure flaw was found in NetworkManager's D-Bus
interface. A local attacker could leverage this flaw to discover sensitive
information, such as network connection passwords and pre-shared keys.
(CVE-2009-0365)

Red Hat would like to thank Ludwig Nussel for responsibly reporting this
flaw.

NetworkManager users should upgrade to these updated packages, which
contain a backported patch that corrects this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
NetworkManager-0.3.1-5.el4.src.rpm     045445d661f8fd2ae5d8d1a7c25166e8
 
IA-32:
NetworkManager-0.3.1-5.el4.i386.rpm     eecc42ca9304572bcb742708f8b3216c
NetworkManager-gnome-0.3.1-5.el4.i386.rpm     c26a31fd0a65bb612a163395d877cd60
 
x86_64:
NetworkManager-0.3.1-5.el4.x86_64.rpm     20045ba181e3c4c0bcdae7596973db49
NetworkManager-gnome-0.3.1-5.el4.x86_64.rpm     8ba85e702cd8c4a2be098b9707ce4604
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
NetworkManager-0.3.1-5.el4.src.rpm     045445d661f8fd2ae5d8d1a7c25166e8
 
IA-32:
NetworkManager-0.3.1-5.el4.i386.rpm     eecc42ca9304572bcb742708f8b3216c
NetworkManager-gnome-0.3.1-5.el4.i386.rpm     c26a31fd0a65bb612a163395d877cd60
 
IA-64:
NetworkManager-0.3.1-5.el4.ia64.rpm     a2e7fc7b60754adc85d9934bd8a93092
NetworkManager-gnome-0.3.1-5.el4.ia64.rpm     36321e52f174b9941197cab264341c28
 
PPC:
NetworkManager-0.3.1-5.el4.ppc.rpm     9d5b337294e0b8d4bdd373318c29efb3
NetworkManager-gnome-0.3.1-5.el4.ppc.rpm     3a5eb83e47bc12af06a4dbf624d0f588
 
x86_64:
NetworkManager-0.3.1-5.el4.x86_64.rpm     20045ba181e3c4c0bcdae7596973db49
NetworkManager-gnome-0.3.1-5.el4.x86_64.rpm     8ba85e702cd8c4a2be098b9707ce4604
 
Red Hat Enterprise Linux AS (v. 4.7.z)
SRPMS:
NetworkManager-0.3.1-5.el4.src.rpm     045445d661f8fd2ae5d8d1a7c25166e8
 
IA-32:
NetworkManager-0.3.1-5.el4.i386.rpm     eecc42ca9304572bcb742708f8b3216c
NetworkManager-gnome-0.3.1-5.el4.i386.rpm     c26a31fd0a65bb612a163395d877cd60
 
IA-64:
NetworkManager-0.3.1-5.el4.ia64.rpm     a2e7fc7b60754adc85d9934bd8a93092
NetworkManager-gnome-0.3.1-5.el4.ia64.rpm     36321e52f174b9941197cab264341c28
 
PPC:
NetworkManager-0.3.1-5.el4.ppc.rpm     9d5b337294e0b8d4bdd373318c29efb3
NetworkManager-gnome-0.3.1-5.el4.ppc.rpm     3a5eb83e47bc12af06a4dbf624d0f588
 
x86_64:
NetworkManager-0.3.1-5.el4.x86_64.rpm     20045ba181e3c4c0bcdae7596973db49
NetworkManager-gnome-0.3.1-5.el4.x86_64.rpm     8ba85e702cd8c4a2be098b9707ce4604
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
NetworkManager-0.3.1-5.el4.src.rpm     045445d661f8fd2ae5d8d1a7c25166e8
 
IA-32:
NetworkManager-0.3.1-5.el4.i386.rpm     eecc42ca9304572bcb742708f8b3216c
NetworkManager-gnome-0.3.1-5.el4.i386.rpm     c26a31fd0a65bb612a163395d877cd60
 
IA-64:
NetworkManager-0.3.1-5.el4.ia64.rpm     a2e7fc7b60754adc85d9934bd8a93092
NetworkManager-gnome-0.3.1-5.el4.ia64.rpm     36321e52f174b9941197cab264341c28
 
x86_64:
NetworkManager-0.3.1-5.el4.x86_64.rpm     20045ba181e3c4c0bcdae7596973db49
NetworkManager-gnome-0.3.1-5.el4.x86_64.rpm     8ba85e702cd8c4a2be098b9707ce4604
 
Red Hat Enterprise Linux ES (v. 4.7.z)
SRPMS:
NetworkManager-0.3.1-5.el4.src.rpm     045445d661f8fd2ae5d8d1a7c25166e8
 
IA-32:
NetworkManager-0.3.1-5.el4.i386.rpm     eecc42ca9304572bcb742708f8b3216c
NetworkManager-gnome-0.3.1-5.el4.i386.rpm     c26a31fd0a65bb612a163395d877cd60
 
IA-64:
NetworkManager-0.3.1-5.el4.ia64.rpm     a2e7fc7b60754adc85d9934bd8a93092
NetworkManager-gnome-0.3.1-5.el4.ia64.rpm     36321e52f174b9941197cab264341c28
 
x86_64:
NetworkManager-0.3.1-5.el4.x86_64.rpm     20045ba181e3c4c0bcdae7596973db49
NetworkManager-gnome-0.3.1-5.el4.x86_64.rpm     8ba85e702cd8c4a2be098b9707ce4604
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
NetworkManager-0.3.1-5.el4.src.rpm     045445d661f8fd2ae5d8d1a7c25166e8
 
IA-32:
NetworkManager-0.3.1-5.el4.i386.rpm     eecc42ca9304572bcb742708f8b3216c
NetworkManager-gnome-0.3.1-5.el4.i386.rpm     c26a31fd0a65bb612a163395d877cd60
 
IA-64:
NetworkManager-0.3.1-5.el4.ia64.rpm     a2e7fc7b60754adc85d9934bd8a93092
NetworkManager-gnome-0.3.1-5.el4.ia64.rpm     36321e52f174b9941197cab264341c28
 
x86_64:
NetworkManager-0.3.1-5.el4.x86_64.rpm     20045ba181e3c4c0bcdae7596973db49
NetworkManager-gnome-0.3.1-5.el4.x86_64.rpm     8ba85e702cd8c4a2be098b9707ce4604
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

487722 - CVE-2009-0365 NetworkManager: GetSecrets disclosure


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0365
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/